Here you will find information about the collection and use of personal data when using our website. In doing so, we comply with the data protection law applicable for Germany. You can access this policy at any time on our website. We explicitly state that data transmission on the Internet (e.g. communication by e-mail) is subject to security vulnerabilities and cannot be completely protected against access by third parties. The use of the contact data of our imprint for commercial advertising is expressly not desired, unless we had previously given our written consent or a business relationship already exists. The provider and all persons named on this website hereby object to any commercial use and disclosure of their data.
1. Responsible entity
The responsible party in terms of the DSGVO for processing your personal data via this internet platform is greenhats ® GmbH, Buchenweg 22, 35096 Weimar (Lahn), owner Arwid Carlo Zang.
2. Purpose of collection of personal data
You can visit our website without providing personal data. As far as personal data (such as surname, first name, maiden name, as well as the declaration that you are acting exclusively as a consumer according to § 13 BGB (German Civil Code); optionally, address and bank data (bank details, PayPal)) are collected on our pages, this is done according to (Art. 6 para. 1a DSGVO) based on your consent.
Insofar as a contractual relationship is to be established between you and us, or its content is to be developed or changed, or you submit an inquiry to us, we collect and use personal data from you insofar as this is necessary for the fulfillment of contractual obligations (Art. 6 para. 1 b DSGVO) (inventory data). We collect, process and use personal data to the extent necessary to enable you to use the website (usage data). This includes in particular the pre-contractual measures, as well as the measures necessary for the execution.
The purposes of the data processing primarily depend on the specific service order (e.g. IT security service (security checks / control bug bounty / penetration tests); data protection / compliance and forensics (data protection web check / control bug bounty compliance / other); auditing of management systems; insurance solutions; software solutions).
In addition, when you use our website, your browser automatically transmits server log data. This is information about operating systems, browser type and version, referrer (URL of the page from which you reached us), IP address and time of visit.
Your personal data will not be disclosed to third parties without your express consent. This may be necessary in the course of the execution of the contract. In point 6 you will find the possible third parties listed.
3. How long is personal data stored?
We generally process and store your personal data for the duration of our business relationship, which includes, for example, the initiation and execution of a contract. Retention periods under tax and commercial law are taken into account. By order of the competent authorities, we may provide information on this data (inventory data) in individual cases, insofar as this is necessary for the purposes of criminal prosecution, averting danger, fulfilling the statutory tasks of the constitution protection authorities or the military counterintelligence service, or enforcing intellectual property rights.
4. Data sources
In the context of the comment function, we collect personal data (e.g. name, e-mail) in the context of your comments on a post only to the extent that you have provided it to us. When publishing a comment, the email address you provide will be stored but not published. Your name will be published if you have not written under a pseudonym.
When using the contact form, data necessary for processing will be collected. This includes, among other things, your name, address and email address, as well as telephone number and possibly tax identification number and account information. The processing of the data serves exclusively the processing of your contact or the processing of the contractual relationship.
5. Data subject rights
As a user of our website, you have the right, in accordance with Art. 15 DSGVO, to request information from us about the data stored about you or your pseudonym. According to Art. 16 DSGVO, you have the right to rectification. In addition, you may exercise your right to erasure in accordance with Art. 17 of the GDPR or restrict data processing in accordance with Art. 18 of the GDPR. Upon request, we will provide you with your data in a structured, common and machine-readable format in accordance with Art. 20 DSGVO. In addition, there is a right of appeal to a data protection supervisory authority (Art. 77 DSGVO in conjunction with § 19 BDSG).
Should you use your right to object in accordance with Art. 21 DSGVO, we will no longer process the personal data, unless there are compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the assertion, exercise or defense of legal claims.
Please note that for security reasons, inquiries can only be answered in written form. For this purpose and to exercise your right of objection and revocation, please contact us at the following address: email@example.com.
6. Who receives my data?
Within greenhats® GmbH, access to your data is granted to those offices that need it to fulfill contractual obligations or for which you have given us your consent to transfer data. Processors used by us (Art. 28 DSGVO) may also receive data for these purposes. These are companies in the categories of consulting services companies in the areas of IT security, software solutions, insurance solutions, compliance consulting and data protection consulting, among others. With regard to the transfer of data to recipients outside greenhats® GmbH, it should be noted that we only work with processors who provide sufficient guarantees that appropriate technical and organizational measures are used that are in line with the legal requirements for data protection and ensure the protection of the rights of the data subjects. You can find the transmitted data in the GTCs of the respective partners.
When you register and log in to our site, we use so-called session cookies to recognize that you have already visited individual pages of our website. Session cookies are automatically deleted after you leave our website.
We use the provider YouTube, among others, for the integration of videos. YouTube is operated by YouTube LLC with its principal place of business at 901 Cherry Avenue, San Bruno, CA 94066, USA. YouTube is represented by Google Inc. with headquarters at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
On some of our web pages, we use plugins from the provider YouTube in extended data protection mode, so that no cookies are stored. When you access the Internet pages of our website that are provided with such a plugin - for example, our media library - a connection is established to the YouTube servers and the plugin is displayed. This transmits to the YouTube server which of our Internet pages you have visited. If you are logged in to YouTube as a member, YouTube assigns this information to your personal user account. When using the plugin, such as clicking the start button of a video, this information is also assigned to your user account. You can prevent this assignment by logging out of your YouTube user account and other user accounts of the companies YouTube LLC and Google Inc. before using our website and deleting the corresponding cookies of the companies.
Further information on data processing and notes on data protection by YouTube (Google) can be found at www.google.de/intl/de/policies/privacy/.